Friday, August 22, 2014
Search
  
Submit your own News for
inclusion in our Site.
Click here...
Breaking News
Demand For iPhone 6 Screens Add Perssure To Supply Chain
Intel Highlights Its Wireless Computing Plans
Ouya Parners With Xiaomi On Games
Sony Offers New Smart Tennis Sensor
Microsoft to Announce Windows 9 on September Event: report
Acer Unveils New Chromebox CXI and Chromebook 11
Fraunhofer To Showcase The Future Of TV at IBC
Intel, Chunghwa Telecom Team up on Internet of Things
Active Discussions
help questions structure DVDR
Made video, won't play back easily
Questions durability monitor LCD
Questions fungus CD/DVD Media, Some expert engineer in optical media can help me?
CD, DVD and Blu-ray burning for Android in development
IBM supercharges Power servers with graphics chips
Werner Vogels: four cloud computing trends for 2014
Video editing software.
 Home > News > General Computing > Researc...
Last 7 Days News : SU MO TU WE TH FR SA All News

Monday, January 28, 2013
Researcher Finds New Bug In Java


Despite the recent commitment by the head of Java security that his team would fix bugs in the Java software, a researcher claims that a bug can still allow browser attacks.

The Java 7 Update 10 as well as the latest Update 11 let users decide which Java applets are allowed to run within their browsers. According to Oracle, users may control the level of security that will be used when running unsigned Java apps in a web browser. Apart from being able to completely disable Java content in the browser, four security levels can be used for the configuration of unsigned Java applications:

- "Low" - Most unsigned Java apps in the browser will run without prompting
- "Medium" - Unsigned Java apps in the browser will run withoutprompting only if the Java version is considered secure.
- "High" - User will be prompted before any unsigned Java app runs in the browser.
- "Very High" - Unsigned (sandboxed) apps will not run.

But according to Adam Gowdiak, CEO of Security Explorations, none of the settings can stymie an attacker. He claims that in practice, it is possible to execute an unsigned (and malicious) Java code without a prompt corresponding to security settings configured in Java Control Panel.

Gowdiak said that a 'Proof of Concept' code that illustrates Issue 53 had been executed in the environment of latest Java SE 7 Update 11 (JRE version 1.7.0_11-b21) under Windows 7 OS and with "Very High" Java Control Panel security settings.

Gowdiak suggests that people turn to a browser with 'click-to-play,' a feature that forces users to explicitly authorize a plug-in's execution. Chrome and Firefox include support this feature.


Previous
Next
Pantech Introduces 5.9-inch Full-HD Smartphone        All News        RIM Unveils Lower BlackBerry World Price Tiers
Google Offers More Than 3 Million In Rewards For Chrome OS Hacking Contest     General Computing News      Samsung to Invest in Shanghai Plant: report

Get RSS feed Easy Print E-Mail this Message

Related News
GPU Acceleration Coming to Java
New Emergency Fix Releaseed For Java zero-day Exploit Released
New Critical Patch For Java SE Released
Oracle Patches Java Bugs
Java Said To Put Computers in High Risk
Google Threatens To Exclude French Web sites From Search
Apple Removes Java From OS X
Industry Leaders Launch UTI, Home to the Java Verified Program
Sun Releases Java to The Open Source Community
JBlend Deployed in Sony Ericsson's First 3G i-mode Handset
Sony Ericsson releases Mobile JUnit for Java ME
New Java spec published

Most Popular News
 
Home | News | All News | Reviews | Articles | Guides | Download | Expert Area | Forum | Site Info
Site best viewed at 1024x768+ - CDRINFO.COM 1998-2014 - All rights reserved -
Privacy policy - Contact Us .